1.3 Problems with Existing Approaches to Securing 802.11
Networks
Current intrusion detection strategies [17, 16] seek to address the problem
of unauthorized access by monitoring the wireless network for a sequence of
events that exhibit odd behavior or violate a security policy, such as jumps
in sequence numbers or a station operating on a prohibited channel. This approach
can be evaded by stealthy intrusions that do not use brute force to
gain access or that do not behave out of profile. For example, an adversary
can compromise or capture and reverse engineer a sensor node, which carries
the necessary security information (i.e., encryption keys, authentication
information). The adversary can then use this information to masquerade as
an authorized node. In such a case, the adversary appears to have legitimate
access and does not exhibit alarming behavior because it had the proper credentials.
As this example demonstrates, a method of detecting unauthorized
access (even by authorized nodes) is necessary. If a breach goes undetected,
sensitive information can be stolen, network resources abused, or more sophisticated
attacks targeting legitimate sensors can be launched. Detecting
unauthorized access a?®ords an opportunity to respond to the intrusion and
curtail the potential damage to preserve the privacy and integrity of the sensor
network.
1.4 Key Ideas and Outline
To address the problem of unauthorized access, we introduce a technique to
identify an unauthorized node based on the composition of its radio interface
(RI).
Pages:
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668